| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180823204501.GX4225@linux.vnet.ibm.com> Date: Thu, 23 Aug 2018 13:45:01 -0700 From: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com> To: Josh Triplett <josh@...htriplett.org> Cc: nicolas.pitre@...aro.org, linux-kernel@...r.kernel.org Subject: Re: Kernel-only deployments? On Thu, Aug 23, 2018 at 12:12:35PM -0700, Josh Triplett wrote: > On Thu, Aug 23, 2018 at 10:43:59AM -0700, Paul E. McKenney wrote: > > Hello! > > > > Does anyone do kernel-only deployments, for example, setting up an > > embedded device having a Linux kernel and absolutely no userspace > > whatsoever? > > I would very much *like* to do this. One day I'd like to have a > CONFIG_USERSPACE that I can disable, and then just have the kernel call > an in-kernel main() where it would normally start init. This looks to be an easy change, though it might not seem so easy after starting to try it out. ;-) > > Those who know me will not be at all surprised to learn that I went > > overboard making the resulting initrd as small as possible. I started > > by throwing out everything not absolutely needed by the dash and sleep > > binaries, which got me down to about 2.5MB, 1.8MB of which was libc. > > This situation of course prompted me to create an initrd containing > > a statically linked binary named "init" and absolutely nothing else > > (not even /dev or /tmp directories), which weighs in at not quite 800KB. > > This is a great improvement over 10MB, to say nothing of 40MB, but 800KB > > for a C-language "for" loop containing nothing more than a single call to > > sleep()? Much of the code is there for things that I might do (dl_open(), > > for example), but don't. All I can say is that there clearly aren't many > > of us left who made heavy use of systems with naked-eye-visible bits! > > (Or naked-finger-feelable, for that matter.) > > I have definitely built initramfs images containing nothing but a single > statically linked /init before. Cool! > If you want to make it even smaller, you could avoid linking in libc at > all, and just write a short assembly stub, but I don't know any way to > do that *portably* without writing raw assembly for each target > platform. That would get you down to a few kB though. I do need portability. And even 800K isn't -that- big a deal, much though my earlier self would disbelieve this. > > This further prompted the idea of modifying kernel_init() to just loop > > forever, perhaps not even reaping orphaned zombies [*], given an appropriate > > Kconfig option and/or kernel boot parameter. I obviously cannot justify > > this to save a sub-one-megabyte initrd for rcutorture, no matter how much > > a wasted 800K might have offended my 30-years-ago self. If I take this > > next step, there have to be quite a few others benefiting significantly > > from it. > > I would *love* to have support for omitting userspace entirely. And once > we have that, we can start ripping out so many other things... ;-) > One thought, though: that won't necessarily give you a representative > rcutorture experience, given that you need to test things like the > nohz-on-non-idle support, which interacts with "am I in userspace". That is an excellent point. I should keep the initrd specifically to retain userspace execution, and should also occasionally run CPU-bound in userspace. Easy enough! And thank you! Thanx, Paul
Powered by blists - more mailing lists